[CLSA-2026:1777385319] alt-python36: Fix of 2 CVEs
Type:
security
Severity:
Critical
Release date:
2026-04-28 14:08:45 UTC
Description:
- CVE-2024-0450: zipfile raises BadZipFile on quoted-overlap archive entries to prevent high-ratio zip bombs - CVE-2026-6100: use-after-free in lzma/bz2 decompressors when a MemoryError leaves a stale next_in pointer on a re-used decompressor
Updated packages:
  • alt-python36-3.6.15-21.el7.x86_64.rpm
    sha:ef69986f5e5bdf635a6854c4eed9c8e63e01949039c0398135041779e42d47ac
  • alt-python36-debug-3.6.15-21.el7.x86_64.rpm
    sha:c5b099cbb6da521b64e153340e50b87bbe54f62e5123d67cc441c371e653ed9e
  • alt-python36-devel-3.6.15-21.el7.x86_64.rpm
    sha:7cd67368a722f4e4672e875465636762072be2da5650e010bd0ea6c3a878c40e
  • alt-python36-libs-3.6.15-21.el7.x86_64.rpm
    sha:634dc47822908780aee48391ba1810e2aad96189cf7ddf6698525780e0119358
  • alt-python36-test-3.6.15-21.el7.x86_64.rpm
    sha:b03b9d31c45631b58f0db93dfb9cb74d4263a593e0373802dc67531de2030e3e
  • alt-python36-tkinter-3.6.15-21.el7.x86_64.rpm
    sha:a74bf02c81c4b3d3fe063c5c23aebd9b2a68e901e7f66b26f4949522abcdefb2
  • alt-python36-tools-3.6.15-21.el7.x86_64.rpm
    sha:2da48a89de2c01452b972ea4422b704264d127b32c00b4f71a7416b447dd7e72
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.